Hello, welcome to the Tuesday, July 31st, 2018 edition of the Sands and at Storm Centers.

Stormcast, my name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

We ran into some interesting malware samples that attempted to execute heavily obfuscated DOS commands.

Instead of jumping straight to PowerShell as we typically see these days, these documents

will first run commands via command.exe to then generate a PowerShe script from these heavily obfuscated DOS commands.

The idea here is certainly to try to evade some antivirus scanners,

and to make it obviously more difficult for analysts to actually decode the payload,

the DE actually had some issues here with some simple static decoding?

So what he ended up doing is just do a dynamic analysis on these samples, which worked quite fine.

But of course, that's a more risky approach to analyzing malware.

And Let's Encrypt had a little bit an off day today.

For a short time, Let's Encrypt.org did not resolve.

The outage lasted for about two hours and according to Let's Encrypt, at least to their status

page, the reason for the outage was that the domain was marked as client hold

by the registrar. Now, the client hold state is typically set by registrars to respond to abuse issues

or to hold the domain after the client failed to pay their bills, so to give the client

essentially some time to pay up. Not really sure

what happened exactly here. The result was that the dot-org name servers no longer resolved,

let's encrypt.org. Now, the impact was limited. Of course, if you try to issue a new certificate during that

outage, then your system wasn't able to resolve let's encrypt.org and that certificate issue

failed. Now, renewals, of course, is what people usually are most concerned about. You should

renew like about a month or so I think is what

...